
Microsoft plans to shift security vendors away from kernel access



Microsoft is gearing up to make significant changes to how security vendors, including CrowdStrike, operate within Windows. By reducing reliance on kernel access, Microsoft aims to improve system resilience.

The move comes in response to a serious incident in July where a CrowdStrike update caused 8.5 million Windows systems to crash, prompting widespread concern about security software functioning at the kernel level.

Microsoft discussed the critical lessons learned from the July events at their Redmond HQ. The kernel is a core part of the Windows operating system; anything wrong at this level can cause catastrophic system failures.

“Both our customers and ecosystem partners have called on Microsoft to provide additional security capabilities outside of kernel mode which, along with safe deployment practices, can be used to create highly available security solutions,” said David Weston, Microsoft’s VP of enterprise and OS security.

This initiative involves collaboration with top security companies, including CrowdStrike, Broadcom, Sophos, and Trend Micro. These discussions have revolved around balancing security efficiency and enhancing system reliability without granting unrestricted access to the kernel.

Although Microsoft has yet to state whether it will completely block kernel access for security vendors, it is developing a platform that could facilitate this transition.

After the July CrowdStrike incident, Microsoft is considering shifting security vendors out of the kernel.

Weston highlighted that anti-tampering protection and sensor requirements for security products are key considerations as the company moves forward. The goal is to create a robust system that ensures high-level security and stability.

Notably, as reported by The Verge, this isn’t Microsoft’s first attempt to restrict kernel access. In 2006, the company faced pushback from cybersecurity vendors and regulators when it tried to close off the kernel with Windows Vista.

This move by Microsoft has been well-received by the industry, with the company garnering support from several key players, including CrowdStrike.

“We appreciate the opportunity to join these important discussions with Microsoft and industry peers on how best to collaborate in building a more resilient and open Windows endpoint security ecosystem that strengthens security for our mutual customers,” said Drew Bagley, VP and Counsel, Privacy and Cyber Policy at CrowdStrike.

However, not all industry leaders are on board. Cloudflare CEO Matthew Prince voiced concern over Microsoft’s potential control over endpoint security. He warned that while Microsoft locking down the kernel is not inherently problematic, there is a risk that Microsoft could restrict access for third parties while still granting its own security products privileged status.

“A world where Microsoft can provide effective endpoint security is not a more secure world,” says Matthew Prince, CEO of Cloudflare.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
